Skip to main content

Learnster Okta SCIM Integration

This guide provides instructions on setting up a SCIM app in Okta with the goal of integrating into Learnster.

Liam Basham avatar
Written by Liam Basham
Updated over 3 months ago

Because of the differences between Okta and AD / Entra ID in how SCIM is handled, some extra configuration in Okta may be required depending on how users are configured in Okta.

Okta SCIM App Configuration

Reference — Okta-Learnster Field Mapping

Learnster User

Okta User

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

User primary email

Primary Email†

userName

Unique user identifier (SSO)

Primary Email†

userName

Is user active

User Active Status

active

Title

Title

title

Secondary email

Secondary Email

emails[type eq "work"].value

First name

First Name

name.givenName

Last Name

Last Name

name.familyName

Office

Postal Address

addresses[type eq "work"].formatted

User address street

Street Address

addresses[type eq "work"].streetAddress

User address city

City

addresses[type eq "work"].locality

User address postal code

Zip Code

addresses[type eq "work"].postalCode

Country

Country Code

addresses[type eq "work"].country

Phone number

Primary Phone

phoneNumbers[type eq "work"].value

Phone number

Mobile Phone

phoneNumbers[type eq "mobile"].value

SCIM external id

External ID

externalId

Company

Organization

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization

Direct Manager

ManagerId††

urn:ietf:params:scim:schemas:extension:enterprise:2.0:manager

† This can be configured per app. Default is Username, but recommendation is Email.

†† Expected to either be the UUID of the Learnster student or the email address of the manager user.

Integration Setup

  1. In the Okta Admin Console, navigate to Applications > Applications. Click Browse App Catalog.

  2. Search for SCIM in the search bar and locate SCIM 2.0 Test App (OAuth Bearer)”. Click on it and then press the Add Integration button.

  3. Name your app (i.e. “SCIM Learnster”) and click Next.

  4. Configure the Sign-On Options as needed for your organization to administer the app.

    1. If no special requirements are needed, you can select Secure Web Authentication > User sets username and password.

    2. Under Credential Details, it is recommended to set the Application username format to Email — this ensures that Learnster consistently receives the email of the user as a username regardless of user configuration. However, this does require that the email field for each user is filled.

    3. Click Done when finished.

  5. In your SCIM app, navigate to the Provisioning tab, then click Configure API Integration.

  6. You will need some information from Learnster Studio to configure the integration.

    1. Go to Learnster Studio and navigate to Settings > Integrations > Azure SCIM. Note that although it specifies Azure, it’s the same integration for Okta.

    2. Turn the Azure SCIM toggle on. This will display the URL and token needed by Okta to set up the integration. It is recommended you copy these fields into Okta immediately as they will not be visible again if you navigate away from this page.

  7. Go back to Okta and continue setting up the integration.

    1. Copy the Learnster Tenant URL to SCIM 2.0 Base URL in Okta.

    2. Copy the Learnster Secret Token to OAuth Bearer Token in Okta.

    3. Test the API credentials using the button at the bottom of the form. If it fails,

      • Ensure the information you entered into the fields above is correct.

      • Ensure that you’re using the correct base app. It must be SCIM 2.0 (not SCIM 1.1) and it must be OAuth Bearer for authentication (not Basic or Header auth).

    4. Click Save.

Mapping and Provisioning Configuration

  1. In your SCIM app in Okta, navigate to the Provisioning and go to the To App sub-tab. Click the Edit button in the top-right corner of the tab.

  2. Under Provisioning to App, enable the following:

    • Create Users

    • Update User Attributes

    • Deactivate Users

    1. Press Save at the bottom of the section.

❕ Note that you can leave any of these options disabled if you wish to exclude onboarding/offboarding/updating of users.

Address Type Mapping

Learnster will only import work type addresses from SCIM. This applies to the following Learnster fields:

  • Country

  • Office

  • Street Address

To ensure that these fields are synced, you must ensure the address type of the users being provisioned is work. The app’s default logic for this may work for you, but if the fields are not populating in Learnster in later steps, take the following steps:

  1. In your SCIM app in Okta, navigate to the Provisioning and go to the To App sub-tab. Scroll down to the Attribute Mappings section.

  2. Scroll down the mappings list until you find Address type. Click the pencil ✏️ icon to the right of the attribute. You’ll notice that the condition for an address to be considered work is that the user’s street address must be filled. If no street address is set on the user, the address is not considered a work address and none of the above fields will be synced with Learnster.

  3. To override the default condition, open the dropdown menu next to Attribute value and select Same value for all users. Then, in the text field beside the menu, type work. Then click Save.

    This will set the address type for all synced users to

    work, allowing address fields to be synced.

💡You can alter the mappings here to only sync certain fields to Learnster as well. You can delete mappings, for example, by pressing the ❌ button next to each field mapping in the list.

Assigning Users

Users can be assigned to the app individually or by group to be provisioned.

  1. In your SCIM app in Okta, navigate to the Assignments tab.

  2. Click the ➕ Assign button. You can either assign individual People or Groups.

❕ Note that assigning groups does not assign tags to the users based on groups. To do this, you will need to add Push Groups.

3. Whichever one you choose, you can follow the steps in the window to assign people/groups to the app. For each person/group, it will bring you through a step where you can manually edit fields for that person/group. In most cases, this can be ignored and you can click Save and Go Back.

💡 Note that, if any edits are made to the user from within the app — either during assignment in the above step or by clicking the pencil ✏️ icon next to the user in the Assignments tab of the app — the changes are only applied to the app. This can be useful to hide or alter fields before syncing with Learnster.

4. With default settings, users will be synced with Learnster as soon as they are assigned. If updates are pushed through the SCIM app, changes to users will be applied as soon as they are made.

⚠️ If any issues arise during syncing, a red ⚠️ warning icon will appear next to the user. Hovering over this icon will describe why the user could not be synced.

Assigning Tags via Groups

Tags can be assigned to users based on their group. Each tag’s text will be the same as the name of the group.

  1. In your SCIM app in Okta, navigate to the Push Groups tab.

  2. Click the ➕ Push Groups button. You can search groups by name or by rule.

  3. Find your group, then click Save at the bottom of the page.

  4. Your group will immediately be pushed. If successful, its status will change to Active and the tag will be created and assigned in Learnster.

❕ If your tag is created in Learnster but not assigned to one or all users, ensure that your users have successfully synced first (which can be seen in the Assignments tab).

Need more help?

You can reach out to our support via chat directly from Learnster!

Related Articles
How to configure Azure AD SCIM for a subset of users
SCIM Data Mapping
Learnster Azure AD SCIM Integration
Learnster Teamtailor Integration
Setting up Microsoft Teams Integration in MS Entra
Did this answer your question?